Replyy.com Houses “Frecharge”, An Attempt To Get Your Facebbok Account ‘Self Hacked’ In Hope Of A Free Rs50 Recharge

Frecharge (a play on the name freecharge.in), hosted on Replyy.com has already been liked by 5000+ Facebook users and has been shared on various social networks more than 50 times, with the number increasing rapidly and hopefully sadly, in the near future, almost exponentially. Frecharge is a website which in in return of its promise of giving you a free recharge of Rs 50 takes your facebook upload email ID without your knowledge. The ID gives them the power to upload photos and update the status of a particular user. It should be noted that this is not the first time that facebook’s upload email ID has been used to take over users’ accounts. I posted about it the first time it had happened as well. Building more upon this service, I saw the following post a certain someone’s facebook wall today saying “Yes, Its true! I got free recharge of Rs50 <3 <3 <3 Awesome http://replyy.com/” and “INR 50 is not bad when you get it in free recharge? Recharge yours at http://replyy.com”:
Quite naturally, curiosity (read greediness) got better of me and I opened the website in hope of either getting the recharge (albeit I knew it was a scam) and subsequently in hope of defacing a new website which tries (and succeeds) in taking over the facebook accounts of n()()bs. So with the attention bar set to its maximum (trust me, it’s not much) I opened the website and stumblde upon this:

A clean interface, a couple of AdSense advertisements placed here and there, three social bookmarks at the top and a pretty font (which has been copied from somewhere, though I fail to recollect the name of that particular somewhere) and links to Contact Us pages in the footer; much like any other website on the internet. Convincing enough for the average user (read non geek).

So to try it out and I entered my mobile number (I have DND activated so there is only so much damage that could have been done) and my name, both legit and clicked on recharge now. I think this the best moment to remind you of this particular idiom.

With that done, I was presented with the screen you see below. The video that you see in the image has also been embedded below (with the new ‘black’ player by YouTube).

If you are not able to understand what happened above then I urge you to see the video.

Basically, Frecharge asks the user for his/her secret facebook upload email ID using which the hacker can do virtually anything through that particular account. The Facebook upload ID is something which should never be shared with anyone and should be updated regularly.

With that done I was nearing the completion of the process and only the last step was left, which was entering the confirmation code that I had received on my phone as a text message. So I entered the code and pressed Confirm Code and Recharge.

And boom!

Do you think the recharge was successful? Answer in the comments.

Solution (If You Have Already Given Your Upload ID)

If you have already given away your email ID and stuff is being pasted from your profile without your knowledge then you must login to your facebook account and head over here www.facebook.com/mobile. Under the Upload via Email column click Find out more. A dialog box will come on your screen. Click refresh your upload Email ID now followed by reset. You are done for the day.

Facebook’s Upload Email ID feature is exploited by numerous hackers around the world everyday. Should facebook do away with it?